Gogs Zero-Day Exposes Servers to Remote Code Execution
The popular open source self-hosted Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution (RCE), Rapid7 reports.
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.
In a technical report, Rapid7 explains that the pull requests inject “the --exec flag into git rebase during the ‘Rebase before merging’ merge operation”, leading to command execution with the privileges of the Gogs server process user.
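The defensive side of this bug class, as an added example in Go (the language Gogs is written in); it is not Gogs code and not taken from the Rapid7 report. The names `validateRefName` and `rebaseArgs` and the shape of the rebase command are hypothetical, and the sample branch names are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrUnsafeRef marks a branch name that must not reach a git command line.
var ErrUnsafeRef = errors.New("unsafe ref name")

// validateRefName is a conservative check for user-controlled branch names.
// It is stricter than git's own rules on purpose.
func validateRefName(name string) error {
	if name == "" || strings.HasPrefix(name, "-") {
		return ErrUnsafeRef // empty, or would be parsed by git as an option
	}
	if strings.Contains(name, "..") || strings.HasSuffix(name, "/") ||
		strings.HasSuffix(name, ".lock") {
		return ErrUnsafeRef
	}
	for _, r := range name {
		// Reject whitespace, control characters and ref-syntax metacharacters.
		if r < 0x21 || r == 0x7f || strings.ContainsRune("~^:?*[\\", r) {
			return ErrUnsafeRef
		}
	}
	return nil
}

// rebaseArgs returns the argv to pass to exec.Command("git", ...) (no shell).
// The "rebase <branch>" shape is an assumption made for illustration.
func rebaseArgs(branch string) ([]string, error) {
	if err := validateRefName(branch); err != nil {
		return nil, fmt.Errorf("branch %q: %w", branch, err)
	}
	// Two independent guards: --end-of-options (Git 2.24+) stops option
	// parsing, and the refs/heads/ prefix means the operand never starts with "-".
	return []string{"rebase", "--end-of-options", "refs/heads/" + branch}, nil
}

func main() {
	// Constructed sample inputs, not taken from the Rapid7 report.
	for _, b := range []string{"feature/login", "--exec=placeholder"} {
		args, err := rebaseArgs(b)
		fmt.Printf("%-22q args=%q err=%v\n", b, args, err)
	}
}
```

Validation at the point where the branch name is accepted and the end-of-options marker at the point where git is invoked are independent controls, so either one alone keeps an option-shaped name from being parsed as a flag.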
Source: https://www.securityweek.com/gogs-zero-day-exposes-servers-to-remote-code-execution/
